WO2015084344A1 - Detection of side channel attacks between virtual machines - Google Patents
- Publication number
- WO2015084344A1 (PCT/US2013/073140)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- rate
- side channel
- value
- cmr
- ipi
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/556—Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
Definitions
- a cloud infrastructure provider may leverage economies of scale to provide dynamic and on-demand computing resources at lower cost.
- Virtualization is one of the tools that may be utilized by an infrastructure provider to increase efficiency and enhance performance.
- Virtual machines (VMs) from multiple customers may share physical resources such as servers. Shared resources may lead to multiple mutually distrusting customers simultaneously sharing physical resources from the same provider.
- Customers may be aware of the shared nature of cloud infrastructure. One obstacle preventing customers from migrating to cloud computing is the fear of spying from other users.
- the present disclosure generally describes techniques to operate a detector to identify side channel attacks between virtual machines.
- a method is provided to detect a side channel attack between virtual machines.
- the method may include monitoring an inter-processor interrupt (IPI) rate of a first virtual machine (VM), monitoring a time stamp counter (TSC) rate of a second VM, monitoring a cache miss ratio (CMR) of a third VM, and detecting the side channel attack based on the IPI rate, the TSC rate, and the CMR.
- IPI inter-processor interrupt
- TSC time stamp counter
- CMR cache miss ratio
- a computing device may be provided to detect a side channel attack between virtual machines.
- the computing device may include a memory configured to store instructions, a controller coupled to the memory, where the controller executes a side channel attack detection module.
- the side channel attack detection module may be configured to monitor an inter-processor interrupt (IPI) rate of a first virtual machine (VM), detect the IPI rate to exceed a predetermined IPI rate threshold, label the first VM as at least one from a set of: an accomplice candidate and a bystander candidate, monitor a cache miss ratio (CMR) of a third VM, detect the CMR to exceed a predetermined CMR threshold, and label the third VM as a victim candidate.
- a computer-readable medium may be provided to detect a side channel attack between virtual machines. The instructions may cause a method to be performed in response to execution, the method being similar to the methods described herein.
- FIG. 1 illustrates an example schema of virtual machines in an environment with side channel attacks
- FIG. 2 illustrates an example of a side channel attack between virtual machines
- FIG. 3 illustrates another example of a side channel attack between virtual machines
- FIG. 4 illustrates an example flow diagram of operating a detector to identify a side channel attack between virtual machines
- FIG. 5 illustrates an example of a detector used to detect a side channel attack between virtual machines
- FIG. 6 illustrates a general purpose computing device, which may be used to operate a detector to identify a side channel attack between virtual machines
- FIG. 7 is a flow diagram illustrating an example method to operate a detector to identify a side channel attack between virtual machines.
- FIG. 8 illustrates a block diagram of an example computer program product to operate a detector to identify a side channel attack between virtual machines
- This disclosure is generally drawn, inter alia, to methods, apparatus, systems, devices, and/or computer program products related to operation of a detector to identify a side channel attack between virtual machines.
- technologies are directed to a detector to identify a side channel attack between virtual machines.
- an inter-processor interrupt (IPI) rate of a first virtual machine (VM), a time stamp counter (TSC) rate of a second VM, and a cache miss ratio (CMR) of a third VM may be monitored.
- FIG. 1 illustrates an example schema of virtual machines in an environment with side channel attacks, arranged in accordance with at least some embodiments described herein.
- a virtual machine kernel (vmKernel) 116 may manage multiple virtual machine managers (VMMs) 110, 112, and 114.
- a virtual machine may be a self-contained execution environment for applications and services.
- a virtual machine may execute high-level applications such as operating systems.
- a VMM may manage and monitor a VM and provide resources to allow the VM to execute.
- the VMM 110 may provide a virtual central processing unit (vCPU) 1 to execute operations associated with a VM.
- a vCPU may be a processor placeholder such as a thread.
- Each VM may be assigned a vCPU, which in turn may be assigned to a processor to execute operations associated with a VM.
- a VM and a vCPU may be synonymous terms used to describe a self-contained execution environment.
- the VMM 112 may manage dual VMs.
- the dual VMs may be assigned to a vCPU 2 and a vCPU 3.
- the VMM 114 may manage another VM assigned to a vCPU 4.
- the vmKernel 116 may manage execution of instructions from the vCPU 1, the vCPU 2, the vCPU 3, and the vCPU 4 by allocating physical resources such as a physical CPU (pCPU) 1 (120) and a pCPU 2 (118) to execute the instructions.
- pCPU physical CPU
- An attacker 106 sending instructions through the vCPU 3 may take advantage of shared resources with a victim 108 to execute a side channel attack to capture instructions executed by the victim 108.
- the attacker 106 may use an accomplice 104 during the side channel attack.
- the accomplice 104 may issue IPIs to the attacker 106 to enable the attacker 106 to interrupt execution of instructions by the victim 108.
- a bystander 102 may or may not take part in the side channel attack.
- the bystander 102 may include the VMM 110 that may execute instructions before or after those instructions are executed by the victim 108 on one of the shared resources such as the pCPU 1 (120) or the pCPU 2 (118).
- the attacker 106 may take advantage of commonly used code base of an application to execute a side channel attack. Commonly used code base may include open source code elements or libraries used to construct applications. The attacker 106 may determine a path followed by an application executing in a commonly used processor between the victim 108 and the attacker 106 such as the pCPU 1 (120) or the pCPU 2 (118). Knowledge of the path may be used to determine data input or output of the application (executed by the victim 108) such as secret keys.
- the execution path may be determined by examining the instructions of the victim 108 loaded into an L1 instruction cache of a commonly used processor.
- the attacker 106 may use a prime probe attack protocol to examine the L1 instruction cache or an instruction cache (I-cache), for example.
- the attacker 106 using the prime probe attack protocol may completely load I-cache with dummy instructions (that is, imitation instructions).
- the attacker 106 may allow the victim 108 to execute a few instructions using the I-cache.
- the attacker 106 may measure a time it takes to load each dummy instruction into the I-cache.
- the attacker 106 may measure the time it takes to load the I-cache using a read time stamp counter (rdtsc) instruction.
- the rdtsc instruction may read the time stamp counter (TSC).
- the TSC is a counter (for example, 64-bit) on a processor, which counts a total number of clock cycles since a reset.
- a variance in a returned value before and after execution of the rdtsc instruction may determine a time of instruction consumption. If the attacker 106 loads a previously evicted cache location, the time of instruction consumption may be a large value.
- the attacker 106 may be aware that the cache location was used for an executed instruction by the victim 108. A direct relationship between the cache location and a system memory location may not be discernible.
- a cache is set-associative. That is, a location within the cache of instructions associated with an executed application may correspond only to a subset of locations within the system memory associated with the executed application. Therefore, monitoring used cache locations may allow the attacker 106 to determine the execution path of the victim 108.
- the attacker 106 may use an observation granularity, an observation noise, and a vCPU migration to execute the side channel attack.
- the observation granularity may encapsulate an observation period by the attacker 106.
- a vmKernel may allow the victim 108 to execute instructions during a predetermined period of time.
- a number of executed instructions by the victim 108 may be a relatively large number, which may prevent analysis of the instructions by the attacker 106. For example, if the process runs uninterrupted for 30 milliseconds while executing 3 billion instructions per second, a total of approximately 90 million instructions may be executed.
- the attacker 106 may interrupt the execution of instructions by the victim 108 to lower the observation granularity.
- the attacker 106 may use IPIs to interrupt execution of instructions by the victim 108.
- the attacker 106 may also use a second attacker process such as the accomplice 104.
- An example of the second attacker process may include the accomplice 104 configured to execute an iteration that issues IPIs to the attacker 106.
- the iteration may prompt the vmKernel to instigate the attacker to manage the IPI and prevent execution by the victim 108.
- the victim 108's execution time may be shortened because the attacker 106 may interrupt an executed application by the victim 108 to manage the IPI. Shortened execution time of the victim 108 may allow the attacker 106 to trace the execution path of the victim 108's executed application.
- the observation noise may encapsulate noise associated with manual analysis of the victim 108's instructions.
- the attacker 106 may determine a measurement time of an execution by the victim 108 to include the observation noise that inhibits an analysis of the victim 108's instructions.
- the attacker 106 may use a machine learning algorithm that includes a support vector machine (SVM) based on a hidden Markov model (HMM) to overcome the observation noise, for example.
- SVM support vector machine
- HMM hidden Markov model
- the attacker 106 may infer executed operation with few errors using the machine learning algorithm.
- the vCPU migration may encapsulate physical resource sharing.
- the attacker may share the pCPU 1 (120) with the victim 108.
- the attacker 106 may not share the pCPU 1 (120).
- the attacker 106 may aggregate code fragment sequences associated with the victim 108 using the machine learning algorithm that includes the SVM and the HMM to determine time measurements associated with the victim 108.
- FIG. 2 illustrates an example of a side channel attack between virtual machines, arranged in accordance with at least some embodiments described herein.
- a vmKernel may use a timeshare scheme to execute instructions by vCPUs 208 of VMMs on a pCPU 1 (204) and a pCPU 2 (206) through a time 202.
- a bystander may execute operations initially on the pCPU 1 (204).
- an attacker and a victim may execute instructions on the pCPU 2 (206). The attacker may be unable to interrupt the victim's execution of instructions during a period of time in which the bystander executes instructions on the pCPU 1 (204).
- an accomplice may allow the attacker to monitor the executed instructions of the victim by interrupting an execution by the victim.
- Interrupted execution periods on the pCPU 2 (206) may allow the attacker to monitor an execution path of instructions by the victim through monitoring of instructions of cache of pCPU 2 (206) shared with the victim.
- the accomplice may aid the attacker by transmitting an inter-processor interrupt 210 to allow the attacker to execute an instruction on the pCPU 2 (206) and interrupt the execution of instructions by the victim.
- the accomplice may send multiple IPIs to the attacker to interrupt execution of instructions by the victim on the pCPU 2 (206).
- the attacker may be allowed to perform a prime probe attack to monitor the instructions executed by the victim in an iterative process. The iterative process may continue until the accomplice is replaced by the bystander at the pCPU 1 (204).
- the attacker may record a timing data for analysis of the cache of pCPU 2 (206) shared with the victim.
- FIG. 3 illustrates another example of a side channel attack between virtual machines, arranged in accordance with at least some embodiments described herein.
- a diagram 300 shows components of a side channel attack.
- Three vCPUs may be involved in the side channel attack in a datacenter hosting VMs.
- the vCPUs may execute instructions on a pCPU 1 (302) and a pCPU 2 (308).
- An attacker 1 (304) may issue IPIs to the pCPU 2 (308).
- the attacker 1 (304) may be an accomplice.
- An attacker 2 (306) may execute rdtsc instructions to the pCPU 2 (308).
- the attacker 2 (306) may be allowed to change places with a victim 310 to execute instructions on the pCPU 2 (308).
- the attacker 2 (306) may monitor cache of pCPU 2 (308) to determine executed instructions by the victim 310 stored in the cache during a period of interruption as a result of IPIs issued by the attacker 1 (304).
- the victim 310 may have L1 cache or I-cache misses because of the IPIs interrupting execution of instructions by the victim 310.
- Each action, described above, may occur separately during normal operations at a datacenter. However, the actions occurring together may be an indicator of the side channel attack. Prevention of the side channel attack may be accomplished by a detector which correlates commonly used metrics between multiple vCPUs to spot behavior that signals a cross VM timing attack.
- FIG. 4 illustrates an example flow diagram of operating a detector to identify a side channel attack between virtual machines, arranged in accordance with at least some embodiments described herein.
- detection of a side channel attack may involve a number of operations.
- a detector may analyze metrics from monitors monitoring vCPUs executing instructions on pCPUs through a vmKernel at operation 402 (ANALYZE
- the metrics may include an IPI rate, a TSC rate, and a CMR.
- the IPI rate of a vCPU_m (that is, a first VM) may be compared to a predetermined IPI rate threshold at operation 404 (IS IPI RATE OF vCPU_m GREATER THAN IPI RATE THRESHOLD?).
- the IPI rate threshold may be determined by a dynamic system setting that is adjustable based on a number of parameters associated with the vmKernel, a pCPU, a vCPU, a VM, or a VMM. Alternatively, the IPI rate threshold may be set manually by an external or an internal source such as the datacenter.
- the vCPU_m may be labeled an accomplice at operation 406 (LABEL vCPU_m ACCOMPLICE).
- the vCPU_m may be part of an attacker pair.
- a vCPU_n (that is, a second VM) receiving the IPIs from the vCPU_m may be identified as an attacker at operation 408 (IDENTIFY vCPU_n ATTACKER
- the vCPU_n may be interrupted by the vCPU_m.
- the vCPU_n may be the other part of the attacker pair.
- the interrupted vCPU_n may be allowed to execute on a pCPU used by a co-executor vCPU_k (that is, a third VM).
- Execution of instructions such as an RDTSC by the vCPU_n on the pCPU may interrupt execution of instructions by the co-executor vCPU_k.
- the co-executor vCPU_k may be identified as a victim at operation 410 (IDENTIFY CO-EXECUTOR vCPU_k VICTIM OF vCPU_n ATTACKER).
- a CMR of the vCPU_k may be compared to a CMR threshold at operation 412 (IS CMR OF vCPU_k GREATER THAN CMR THRESHOLD?).
- the CMR may be a number of cache misses divided by a total cache access associated with a vCPU (or a VM).
- Caches may be designed to keep the CMR close to zero.
- a prime probe attack may force the vCPU_k to have the CMR near a value of one.
- a vCPU with a high CMR near to the value of one may further be examined to determine the side channel attack.
- the CMR threshold may be determined by a dynamic system setting adjustable based on a number of parameters associated with the vmKernel, the pCPU, the vCPU, the VM, or the VMM. Alternatively, the CMR threshold may be set manually by an external or an internal source such as the datacenter. In response to determining the CMR higher than the CMR threshold, a suspicion value or an S_mnk associated with the side channel attack based on the three vCPUs may be computed.
- the S_mnk may be computed based on the IPI rate of the vCPU_m, a TSC rate of the vCPU_n, and the CMR of the vCPU_k.
- the computed S_mnk may be compared to a suspicion value threshold at operation 414 (IS S_mnk GREATER THAN S
- the suspicion value threshold may be determined by a dynamic system setting adjustable based on a number of parameters associated with the vmKernel, the pCPU, the vCPU, the VM, or the VMM. Alternatively, the suspicion value threshold may be set manually by an external or an internal source such as the datacenter. In response to determining the suspicion value S_mnk higher than the suspicion value threshold, a system, such as a datacenter management, may be notified of the side channel attack associated with the vCPU_m, the vCPU_n, and the vCPU_k at operation 416 (NOTIFY SYSTEM).
- the formula may heuristically increase the suspicion value of the S_mnk in response to an increase in a suspicious behavior.
- the factors ⁇ , ⁇ , and ⁇ may be included to allow datacenters to configure or adjust the formula to compute the S_mnk to a real world behavior.
- a default value for each of ⁇ , ⁇ , and ⁇ may be 1.0, for example.
- the vCPU_m and the vCPU_n may be identified as attackers (or the attacker pair).
- an event identifying the vCPUs as the attackers may be recorded in a data store.
- the event may be generated by clustering the IPI rate, the TSC, the CMR and data associated with the vCPU_m, the vCPU_n, and the vCPU_k into the event.
- the vCPU_n may be forced to execute alone on the pCPU.
- the IPI rate threshold, the TSC rate threshold, the CMR threshold, and the suspicion threshold may be configured by the datacenter in some examples.
- CMR of an L1 data cache may also be monitored instead of CMR of an L1 instruction cache (L1i).
- Side channel attacks on the L1 data cache may be similarly likely as on the L1i.
- the side channel attack on an L2 and an L3 cache may be unlikely because of increased size of the L2 and the L3 cache, mixed instructions in the L2 and L3 cache, and increased distance of the L2 and the L3 cache from the pCPU.
- interrupts may also be monitored because the accomplice VM may use alternate interrupts including input/output (I/O) interrupts to interrupt the attacker VM and force the victim VM to stop executing instructions.
- I/O input/output
- a detector monitoring and analyzing interrupts to detect the side channel attack may monitor IPIs as well as other interrupts.
- the attacker may use an instruction other than rdtsc to time events.
- the detector may monitor CMR associated with the victim and the IPI rate associated with the accomplice to determine the side channel attack.
- the CMR above the CMR threshold and the IPI rate above the IPI rate threshold may indicate the side channel attack.
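The FIG. 4 flow described above, as an added Python example that is not code from the patent: it gates on the IPI rate and CMR thresholds, then scores each (vCPU_m, vCPU_n, vCPU_k) triple against a suspicion threshold. The page does not reproduce the S_mnk formula, so the weighted product of threshold-normalized metrics, the weight names, the threshold values, and the sample telemetry are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed values; the page leaves real thresholds to the datacenter.
IPI_RATE_THRESHOLD = 1000.0   # IPIs sent per second
TSC_RATE_THRESHOLD = 1000.0   # rdtsc executions per second (used to normalize)
CMR_THRESHOLD = 0.5           # cache misses / cache accesses
SUSPICION_THRESHOLD = 1.0


@dataclass
class VcpuMetrics:
    """One monitoring interval for one vCPU, as reported by its VMM monitor."""
    name: str
    pcpu: int                                      # pCPU it ran on
    ipi_sent: dict = field(default_factory=dict)   # target vCPU -> IPIs/s
    tsc_rate: float = 0.0
    cache_misses: int = 0
    cache_accesses: int = 0

    @property
    def ipi_rate(self):
        return sum(self.ipi_sent.values())

    @property
    def cmr(self):
        # An idle vCPU has no accesses; treat that as "no misses" rather
        # than dividing by zero.
        if self.cache_accesses == 0:
            return 0.0
        return self.cache_misses / self.cache_accesses


def suspicion(m, n, k, w_ipi=1.0, w_tsc=1.0, w_cmr=1.0):
    """Assumed S_mnk: product of weighted, threshold-normalized metrics.

    The three weights stand in for the page's tunable factors (default 1.0).
    The value grows when any of the three suspicious behaviors grows.
    """
    return (w_ipi * m.ipi_rate / IPI_RATE_THRESHOLD
            * w_tsc * n.tsc_rate / TSC_RATE_THRESHOLD
            * w_cmr * k.cmr / CMR_THRESHOLD)


def detect(samples):
    """Return (accomplice, attacker, victim, S_mnk) tuples worth notifying."""
    by_name = {s.name: s for s in samples}
    alerts = []
    for m in samples:
        # Operation 404: is the IPI rate of vCPU_m above the threshold?
        if m.ipi_rate <= IPI_RATE_THRESHOLD:
            continue
        # Operation 408: the vCPU_n receiving those IPIs is the attacker candidate.
        for target, rate in m.ipi_sent.items():
            n = by_name.get(target)
            if n is None or rate <= 0:
                continue
            # Operation 410: co-executors on vCPU_n's pCPU are victim candidates.
            for k in samples:
                if k.pcpu != n.pcpu or k.name in (m.name, n.name):
                    continue
                # Operation 412: only a high CMR makes the triple suspicious.
                if k.cmr <= CMR_THRESHOLD:
                    continue
                # Operation 414: compare S_mnk with the suspicion threshold.
                s = suspicion(m, n, k)
                if s > SUSPICION_THRESHOLD:
                    alerts.append((m.name, n.name, k.name, s))
    return alerts


# Constructed telemetry. vCPU1..vCPU4 follow the FIG. 5 layout; vCPU5..vCPU8
# are a benign workload that is IPI-heavy but leaves its neighbors' caches alone.
SAMPLES = [
    VcpuMetrics("vCPU1", pcpu=1, ipi_sent={"vCPU2": 10},
                cache_misses=20, cache_accesses=1000),
    VcpuMetrics("vCPU2", pcpu=1, ipi_sent={"vCPU3": 5000}),
    VcpuMetrics("vCPU3", pcpu=2, tsc_rate=20000.0,
                cache_misses=100, cache_accesses=1000),
    VcpuMetrics("vCPU4", pcpu=2, cache_misses=900, cache_accesses=1000),
    VcpuMetrics("vCPU5", pcpu=3, ipi_sent={"vCPU6": 4000}),
    VcpuMetrics("vCPU6", pcpu=4, tsc_rate=50.0),
    VcpuMetrics("vCPU7", pcpu=4, cache_misses=30, cache_accesses=1000),
    VcpuMetrics("vCPU8", pcpu=4),   # idle: zero cache accesses
]

if __name__ == "__main__":
    for accomplice, attacker, victim, score in detect(SAMPLES):
        print(f"NOTIFY: accomplice={accomplice} attacker={attacker} "
              f"victim={victim} S_mnk={score:.1f}")
```

The benign IPI-heavy pair (vCPU5, vCPU6) produces no alert because no co-executor on vCPU6's pCPU exceeds the CMR threshold, which is the correlation the page relies on to separate normal datacenter activity from an attack.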
- FIG. 5 illustrates an example of a detector used to detect a side channel attack between virtual machines, arranged in accordance with at least some embodiments described herein.
- a bystander vCPU 1 may be managed by a VMM 502
- an accomplice vCPU 2 and an attacker vCPU 3 may be managed by a VMM 504
- a victim vCPU 4 may be managed by a VMM 506.
- a vmKernel 508 may allocate resources to allow vCPUs 1, 2, 3, and 4 to execute instructions.
- the vmKernel 508 may manage the resources pCPU 1 (512) and pCPU 2 (514).
- the vmKernel 508 may host a detector 510 analyzing metrics transmitted from monitors in the VMMs 502, 504, and 506.
- the monitors may monitor metrics including an IPI rate, a TSC rate, and a CMR associated with the vCPU 1, the vCPU 2, the vCPU 3, and the vCPU 4.
- the detector may analyze the IPI rate, the TSC rate, and the CMR to determine a suspicion value associated with the vCPU 2, the vCPU 3, and the vCPU 4.
- the suspicion value may be compared to a suspicion value threshold to identify the vCPU 2 and the vCPU 3 as an attacker pair.
- FIG. 6 illustrates a general purpose computing device, which may be used to operate a detector to identify a side channel attack between virtual machines, arranged in accordance with at least some embodiments described herein.
- the computing device 600 of the FIG. 6 may be one or more of the vmKernel 508 executed by a datacenter, or some other device that is not shown in FIG. 1, 2, 3, 4, and 5.
- computing device 600 typically includes one or more processors 604 and a system memory 606.
- a memory bus 608 may be used for communicating between processor 604 and system memory 606.
- processor 604 may be of any type including but not limited to a microprocessor (μP), a microcontroller (μC), a Digital Signal Processor (DSP), or any combination thereof.
- Processor 604 may include one or more levels of caching, such as a level cache memory 612, a processor core 614, and registers 616.
- Example processor core 614 may include an Arithmetic Logic Unit (ALU), a floating point unit (FPU), a Digital Signal Processing core (DSP Core), or any combination thereof.
- An example memory controller 618 may also be used with processor 604, or in some implementations, memory controller 614 may be an internal part of processor 604.
- system memory 606 may be of any type including but not limited to volatile memory (such as RAM), non-volatile memory (such as ROM, flash memory, etc.) or any combination thereof.
- System memory 606 may include an operating system 620, a detector application 622, and program data 624.
- the detector application 622 may include a side channel module 626 that is arranged to detect a side channel attack between VMs (or vCPUs).
- Program data 624 may include one or more of metrics data 628 and similar data as discussed above in conjunction with at least FIG. 1, 2, 3, 4, and 5. This data may be useful for detecting the side channel attack between VMs as described herein.
- This described basic configuration 602 is illustrated in FIG. 6 by those components within the inner dashed line.
- Computing device 600 may have additional features or functionality, and additional interfaces to facilitate communications between basic configuration 602 and any required devices and interfaces.
- a bus/interface controller 630 may be used to facilitate communications between basic configuration 602 and one or more data storage devices 632 via a storage interface bus 634.
- Data storage devices 632 may be removable storage devices 636, non-removable storage devices 638, or a combination thereof.
- Examples of removable storage and non-removable storage devices include magnetic disk devices such as flexible disk drives and Hard-Disk Drives (HDDs), optical disk drives such as Compact Disk (CD) drives or Digital Versatile Disk (DVD) drives, Solid State Drives (SSDs), and tape drives to name a few.
- Example computer storage media may include volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information, such as computer readable instructions, data structures, program modules, or other data.
- System memory 606, removable storage devices 636 and non-removable storage devices 638 are examples of computer storage media.
- Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVDs) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which may be used to store information and which may be accessed by computing device 600. Any such computer storage media may be part of computing device 600.
- Computing device 600 may also include an interface bus 640 for facilitating communication from various interface devices (for example, output devices 642, peripheral interfaces 644, and communication devices 666) to basic configuration 602 via bus/interface controller 630.
- Example output devices 642 include a graphics processing unit 648 and an audio processing unit 650, which may be configured to communicate to various external devices such as a display or speakers via one or more A/V ports 652.
- Example peripheral interfaces 644 include a serial interface controller 654 or a parallel interface controller 656, which may be configured to communicate with external devices such as input devices (for example, keyboard, mouse, pen, voice input device, touch input device, etc.) or other peripheral devices (for example, printer, scanner, etc.) via one or more I/O ports 658.
- An example communication device 666 includes a network controller 660, which may be arranged to facilitate communications with one or more other computing devices 662 over a network communication link via one or more communication ports 664.
- the network communication link may be one example of a communication media.
- Communication media may typically be embodied by computer readable instructions, data structures, program modules, or other data in a modulated data signal, such as a carrier wave or other transport mechanism, and may include any information delivery media.
- a "modulated data signal" may be a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal.
- communication media may include wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, radio frequency (RF), microwave, infrared (IR) and other wireless media.
- RF radio frequency
- IR infrared
- the term computer readable media as used herein may include both storage media and communication media.
- Computing device 600 may be implemented as a portion of a physical server, virtual server, a computing cloud, or a hybrid device that includes any of the above functions.
- Computing device 600 may also be implemented as a personal computer including both laptop computer and non-laptop computer configurations.
- computing device 600 may be implemented as a networked system or as part of a general purpose or specialized server.
- Networks for a networked system including computing device 600 may comprise any topology of servers, clients, switches, routers, modems, Internet service providers, and any appropriate communication media (for example, wired or wireless communications).
- a system according to embodiments may have a static or dynamic network topology.
- the networks may include a secure network such as an enterprise network (for example, a LAN, WAN, or WLAN), an unsecure network such as a wireless open network (for example, IEEE 802.11 wireless networks), or a world-wide network (for example, the Internet).
- the networks may also comprise a plurality of distinct networks that are adapted to operate together. Such networks are configured to provide communication between the nodes described herein.
- these networks may include wireless media such as acoustic, RF, infrared and other wireless media.
- the networks may be portions of the same network or separate networks.
- FIG. 7 is a flow diagram illustrating an example method to operate a detector to identify a side channel attack between virtual machines that may be performed by a computing device 710, such as the computing device 600 in FIG. 6, arranged in accordance with at least some embodiments described herein.
- the computing device 710 may be embodied as computing device 600, or similar devices executing instructions stored in a non-transitory computer-readable medium 720 for performing the method.
- a process to operate a detector to identify a side channel attack between virtual machines may include one or more operations, functions or actions as is illustrated by one or more of blocks 722, 724, 726, and/or 728.
- Some example processes may begin with an operation 722, "MONITOR AN INTER-PROCESSOR INTERRUPT (IPI) RATE OF A FIRST VIRTUAL MACHINE (VM)."
- the computing device 600 may identify a VM having an IPI rate higher than a predetermined IPI rate threshold as the accomplice 104.
- the operation 722 may be followed by an operation 724, "MONITOR A TIME STAMP COUNTER (TSC) RATE OF A SECOND VM."
- TSC TSC
- the computing device 600 may identify a VM having a TSC rate higher than a predetermined TSC rate threshold as the attacker 106.
- the operation 724 may be followed by an operation 726, "MONITOR A CACHE MISS RATIO (CMR) OF A THIRD VM.”
- the computing device 600 may identify a VM having a CMR higher than a predetermined CMR rate threshold as the victim 108.
- FIG. 8 illustrates a block diagram of an example computer program product to operate a detector to identify a side channel attack between virtual machines, arranged in accordance with at least some embodiments described herein.
- Computer program product 800 may include a signal bearing medium 802 that may also include machine readable instructions 804 that, in response to execution by, for example, a processor, may provide the functionality described above with respect to FIG. 1 through FIG. 7.
- One or more of the tasks shown in FIG. 8 may be undertaken in response to instructions 804 conveyed to the computing device 600 by medium 802 to perform actions associated with a detector to identify side channel attacks between virtual machines.
- Some of those instructions may include monitoring an inter-processor interrupt (IPI) rate of a first virtual machine (VM), monitoring a time stamp counter (TSC) rate of a second VM, monitoring a cache miss ratio (CMR) of a third VM, and detecting the side channel attack based on the IPI rate, the TSC rate, and the CMR.
- Signal bearing medium 802 depicted in FIG. 8 may encompass a non-transitory computer-readable medium 806, such as, but not limited to, a hard disk drive, a Compact Disc (CD), a Digital Versatile Disk (DVD), a digital tape, memory, etc.
- Signal bearing medium 802 may encompass a recordable medium 808, such as, but not limited to, memory, read/write (R/W) CDs, R/W DVDs, etc.
- Signal bearing medium 802 may encompass a communications medium 810, such as, but not limited to, a digital and/or an analog communication medium (for example, a fiber optic cable, a waveguide, a wired
- Computer program product 800 may be conveyed to the processor 804 by an RF signal bearing medium 802, where the signal bearing medium 802 is conveyed by a wireless communications medium 810 (for example, a wireless communications medium conforming with the IEEE 802.11 standard).
- A method is provided to detect a side channel attack between virtual machines.
- The method may include monitoring an inter-processor interrupt (IPI) rate of a first virtual machine (VM), monitoring a time stamp counter (TSC) rate of a second VM, monitoring a cache miss ratio (CMR) of a third VM, and detecting the side channel attack based on the IPI rate, the TSC rate, and the CMR.
- Detecting the side channel attack may include detecting the IPI rate to exceed a predetermined IPI rate threshold, and labeling the first VM as at least one from a set of: an accomplice candidate and a bystander candidate. Detecting the side channel may also include detecting the TSC rate to exceed a predetermined TSC rate threshold, and labeling the second VM as an attacker candidate. Detecting the side channel may further include detecting the CMR to exceed a predetermined CMR threshold, and labeling the third VM as a victim candidate.
- The method may further include detecting one or more IPI sent by the first VM and received by the second VM, and determining the second VM to be interrupted by the first VM.
- The CMR may be determined through a first number of cache misses divided by a second number of total cache accessed by the third VM.
- A suspicion value associated with the side channel attack may be computed by: determining a first value based on a quotient of the IPI rate and a predetermined IPI rate threshold, determining a second value based on a quotient of the TSC rate and a predetermined TSC rate threshold, determining a third value based on a quotient of the CMR and a predetermined CMR threshold, and adding the first value, the second value, and the third value to compute the suspicion value.
- The suspicion value may be detected to exceed a predetermined suspicion value threshold, and the first VM and the second VM may be identified as an attacker pair.
- One or more datacenter operators may be allowed to adjust one or more from a set of: a predetermined IPI rate threshold, a predetermined TSC threshold, a predetermined CMR threshold, and a predetermined suspicion value threshold.
- The method may further include clustering the IPI rate, the TSC, the CMR and data associated with the first VM, second VM, and third VM into an event in response to determining the side channel attack, and recording the event in a data store.
- One or more datacenter operators may be notified in response to determining the side channel attack.
- A computing device may be provided to detect a side channel attack between virtual machines.
- The computing device may include a memory configured to store instructions, a controller coupled to the memory, where the controller executes a side channel attack detection module.
- The side channel attack detection module may be configured to monitor an inter-processor interrupt (IPI) rate of a first virtual machine (VM), detect the IPI rate to exceed a predetermined IPI rate threshold, label the first VM as at least one from a set of: an accomplice candidate and a bystander candidate, monitor a cache miss ratio (CMR) of a third VM, detect the CMR to exceed a predetermined CMR threshold, and label the third VM as a victim candidate.
- The side channel attack detection module may be further configured to monitor a time stamp counter (TSC) rate of a second VM, and detect the side channel attack based on the IPI rate, the TSC rate, and the CMR.
- TSC rate may be detected to exceed a predetermined TSC rate threshold, and the second VM may be labeled as an attacker candidate.
- One or more IPI sent by the first VM and received by the second VM may be detected, and the second VM may be determined as interrupted by the first VM.
- The CMR may be computed through a first number of cache misses divided by a second number of total cache accessed by the third VM.
- The side channel attack detection module may be further configured to compute a suspicion value associated with the side channel attack through an operation to: determine a first value based on a quotient of the IPI rate and a predetermined IPI rate threshold, determine a second value based on a quotient of a TSC rate of a second VM and a predetermined TSC rate threshold, determine a third value based on a quotient of the CMR and a predetermined CMR threshold, and add the first value, the second value, and the third value to compute the suspicion value.
- The side channel attack detection module may be further configured to compute the suspicion value for the first VM, the second VM, and the third VM, detect the suspicion value to exceed a predetermined suspicion value threshold, and identify the first VM and the second VM as an attacker pair.
- The IPI rate, the TSC rate, the CMR and data associated with the first VM, a second VM, and the third VM may be clustered into an event in response to determining the side channel attack, and the event may be recorded in a data store.
- One or more datacenter operators may be allowed to adjust one or more from a set of: the predetermined IPI rate threshold, the predetermined TSC rate threshold, the predetermined CMR threshold, and a predetermined suspicion value threshold.
- One or more datacenter operators may be notified in response to determining the side channel attack.
- A computer-readable medium may be provided to detect a side channel attack between virtual machines.
- The instructions may cause a method to be performed in response to execution, the method being similar to the methods described above.
- The implementer may opt for a mainly hardware and/or firmware vehicle; if flexibility is paramount, the implementer may opt for a mainly software implementation; or, yet again alternatively, the implementer may opt for some combination of hardware, software, and/or firmware.
- Embodiments disclosed herein, in whole or in part, may be equivalently implemented in integrated circuits, as one or more computer programs running on one or more computers (for example, as one or more programs running on one or more computer systems), as one or more programs running on one or more processors (for example as one or more programs running on one or more microprocessors), as firmware, or as virtually any combination thereof, and that designing the circuitry and/or writing the code for the software and/or firmware would be well within the skill of one of skill in the art in light of this disclosure.
- Examples of a signal bearing medium include, but are not limited to, the following: a recordable type medium such as a floppy disk, a hard disk drive, a Compact Disc (CD), a Digital Versatile Disk (DVD), a digital tape, a computer memory, etc.; and a transmission type medium such as a digital and/or an analog communication medium (for example, a fiber optic cable, a waveguide, a wired communications link, a wireless communication link, etc.).
- A typical data processing system generally includes one or more of a system unit housing, a video display device, a memory such as volatile and non-volatile memory, processors such as microprocessors and digital signal processors, computational entities such as operating systems, drivers, graphical user interfaces, and applications programs, one or more interaction devices, such as a touch pad or screen, and/or control systems including feedback loops.
- A typical data processing system may be implemented utilizing any suitable commercially available components, such as those typically found in data
- Any two components so associated may also be viewed as being "operably connected", or "operably coupled", to each other to achieve the particular functionality, and any two components capable of being so associated may also be viewed as being "operably couplable", to each other to achieve the particular functionality.
- Operably couplable include but are not limited to physically connectable and/or physically interacting components and/or wirelessly interactable and/or wirelessly interacting components and/or logically interacting and/or logically interactable components.
- A range includes each individual member.
- A group having 1-3 cells refers to groups having 1, 2, or 3 cells.
- A group having 1-5 cells refers to groups having 1, 2, 3, 4, or 5 cells, and so forth.
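The detection method summarized above (per-VM IPI rate, TSC rate and CMR thresholds, then a suspicion value formed from the three quotients) can be sketched as follows. This is an added example, not code from the patent: the field names, sample measurements and threshold values are constructed, and pairing candidates only when the first VM sent an IPI to the second is an assumption about how the described steps combine.

```python
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Thresholds:
    """Operator-adjustable limits (the values used below are constructed)."""
    ipi_rate: float
    tsc_rate: float
    cmr: float
    suspicion: float


@dataclass(frozen=True)
class VmSample:
    """Measurements for one VM over one monitoring window (hypothetical names)."""
    vm_id: str
    ipi_rate: float = 0.0
    tsc_rate: float = 0.0
    cache_misses: int = 0
    cache_accesses: int = 0
    ipi_targets: frozenset = frozenset()  # VMs that received IPIs from this VM


def cache_miss_ratio(s):
    """CMR = cache misses / total cache accesses; no accesses counts as 0."""
    return s.cache_misses / s.cache_accesses if s.cache_accesses else 0.0


def suspicion_value(ipi_rate, tsc_rate, cmr, th):
    """Sum of the three measurement/threshold quotients."""
    return ipi_rate / th.ipi_rate + tsc_rate / th.tsc_rate + cmr / th.cmr


def detect(samples, th):
    """Return one event per flagged (first, second, third) VM triple."""
    firsts = [s for s in samples if s.ipi_rate > th.ipi_rate]      # accomplice/bystander candidates
    seconds = [s for s in samples if s.tsc_rate > th.tsc_rate]     # attacker candidates
    thirds = [s for s in samples if cache_miss_ratio(s) > th.cmr]  # victim candidates
    events = []
    for a, b, c in product(firsts, seconds, thirds):
        if len({a.vm_id, b.vm_id, c.vm_id}) < 3:
            continue  # assumption: the three roles are held by distinct VMs
        if b.vm_id not in a.ipi_targets:
            continue  # assumption: pair only VMs where the second was interrupted by the first
        cmr = cache_miss_ratio(c)
        score = suspicion_value(a.ipi_rate, b.tsc_rate, cmr, th)
        if score > th.suspicion:
            # Cluster the measurements and VM identities into one recordable event.
            events.append({
                "attacker_pair": (a.vm_id, b.vm_id),
                "victim_candidate": c.vm_id,
                "ipi_rate": a.ipi_rate, "tsc_rate": b.tsc_rate, "cmr": cmr,
                "suspicion": score,
            })
    return events


# Constructed sample window: vm-d is a noisy bystander whose IPIs go elsewhere.
THRESHOLDS = Thresholds(ipi_rate=1000.0, tsc_rate=5000.0, cmr=0.5, suspicion=4.0)
SAMPLES = [
    VmSample("vm-a", ipi_rate=2000.0, ipi_targets=frozenset({"vm-b"})),
    VmSample("vm-b", tsc_rate=10000.0),
    VmSample("vm-c", cache_misses=750, cache_accesses=1000),
    VmSample("vm-d", ipi_rate=1500.0, ipi_targets=frozenset({"vm-e"})),
    VmSample("vm-e", cache_misses=100, cache_accesses=1000),
]

if __name__ == "__main__":
    for event in detect(SAMPLES, THRESHOLDS):
        print(event)
```

Because every labeled candidate already contributes a quotient above 1, any candidate triple scores above 3; the suspicion threshold of 4.0 chosen here therefore fires only when the measurements exceed their limits by a combined margin.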
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201380081397.5A CN105917345B (zh) | 2013-12-04 | 2013-12-04 | Detection of side channel attacks between virtual machines |
US14/384,677 US9438624B2 (en) | 2013-12-04 | 2013-12-04 | Detection of side channel attacks between virtual machines |
KR1020167011581A KR101807441B1 (ko) | 2013-12-04 | 2013-12-04 | Detection of side channel attacks between virtual machines |
PCT/US2013/073140 WO2015084344A1 (fr) | 2013-12-04 | 2013-12-04 | Detection of side channel attacks between virtual machines |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/US2013/073140 WO2015084344A1 (fr) | 2013-12-04 | 2013-12-04 | Detection of side channel attacks between virtual machines |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2015084344A1 true WO2015084344A1 (fr) | 2015-06-11 |
Family
ID=53273903
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2013/073140 WO2015084344A1 (fr) | Detection of side channel attacks between virtual machines | 2013-12-04 | 2013-12-04 |
Country Status (4)
Country | Link |
---|---|
US (1) | US9438624B2 (fr) |
KR (1) | KR101807441B1 (fr) |
CN (1) | CN105917345B (fr) |
WO (1) | WO2015084344A1 (fr) |
-
2013
- 2013-12-04 WO PCT/US2013/073140 patent/WO2015084344A1/fr active Application Filing
- 2013-12-04 US US14/384,677 patent/US9438624B2/en not_active Expired - Fee Related
- 2013-12-04 CN CN201380081397.5A patent/CN105917345B/zh not_active Expired - Fee Related
- 2013-12-04 KR KR1020167011581A patent/KR101807441B1/ko active IP Right Grant
Also Published As
Publication number | Publication date |
---|---|
KR20160072135A (ko) | 2016-06-22 |
US9438624B2 (en) | 2016-09-06 |
CN105917345B (zh) | 2019-02-05 |
CN105917345A (zh) | 2016-08-31 |
US20160044059A1 (en) | 2016-02-11 |
KR101807441B1 (ko) | 2017-12-08 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 14384677 Country of ref document: US |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 13898521 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 20167011581 Country of ref document: KR Kind code of ref document: A |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 13898521 Country of ref document: EP Kind code of ref document: A1 |